Filtered by CWE-284
Filtered by vendor Subscriptions
Total 2874 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39414 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
CVE-2024-7525 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.1 Critical
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-42354 1 Shopware 1 Shopware 2024-08-12 5.3 Medium
Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not considered ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
CVE-2024-3279 1 Mintplexlabs 1 Anythingllm 2024-08-12 N/A
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation.
CVE-2024-41309 2 Enjay, Enjayworld 2 Crm, Enjay Crm 2024-08-08 8.4 High
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2024-41245 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 7.5 High
An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.
CVE-2024-41244 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 7.5 High
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
CVE-2024-41246 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 5.3 Medium
An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard.
CVE-2024-41247 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 9.1 Critical
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.
CVE-2024-41248 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 7.5 High
An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.
CVE-2024-41249 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 7.5 High
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
CVE-2024-41252 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 5.3 Medium
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
CVE-2024-41308 2 Enjay, Enjayworld 2 Crm, Enjay Crm 2024-08-08 8.4 High
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2022-1736 2022-05-19 4.3 Medium
A vulnerability was found in Gnome Control Center. When turning off RDP Remote Desktop Sharing with gnome-control-center, it would only turn off RDP sharing for the current session. RDP Sharing was enabled again without any additional user interaction or notification upon logging back in.